Hi All,<div><br></div><div>I was wondering how Auth data is calculated in strongswan .</div><div>According to rfc 4306 Calculation of Auth data sent in Auth payload of IKE_AUTH message is according to this folmula:-</div><div>
<br></div><div>Authdata = prf(prf(sharedSecret, "key Pad For Ikev2"), authInput )</div><div><br></div><div>authInput = (SA_INIT_MESSAGE_I/R | nonceData_of_I/R | prf(Skey_pi, idPayld)).</div><div><br></div><div>Now From initiators side:</div>
<div> Initiator will calculate with SA_INIT_MESSAGE_of_Initiator, nonceData_of_responder, idPayld_of_Initiator</div><div><br></div><div>On Responder side:</div><div> Resonder upon receiving the IKE_AUTH message will calculate the Auth Data with</div>
<div> SA_INIT_MESSAGE of Inittiator ,nonceData_of_receiver,idPayload_of_initiator.</div><div>Responder will match the Resulting Auth Data with the received Auth Data.</div><div><br></div><div>But, when I try to send wrong ID payload Data and calculate the Auth Data with that wrong ID payload Data And Send to Responder(In my case strongswan)</div>
<div>It should process that packet. But for Some reason It is sending the Auth Failure message.</div><div><br></div><div>Whereas if the formula mentioned above is followed Then Auth Failure should only occur in case there is a mismatch between ID payload Data and the Id data that is used for calculating the Auth Data.</div>
<div><br></div><div>I also want to know what is the significance of ID payload Data then in calculating Auth Data?</div><div><br></div><div>I am using a conformance tool for testing linux stack. Authentication method used is Preshared Key.</div>
<div><br></div><div>Thanks for any help in advance.</div><div><br></div><div>Regards,</div><div>Avishek</div><div><br></div><div><br></div><div> </div>